Page 1 of 1

Authorization libraries

Posted: Fri Jun 13, 2008 3:15 pm
by raghavan20
i have been searching for some authorization libraries so that i do not reinvent the wheel. i have common kind of entities as most applications have.

the following are there
1. objects
2. different actions that can be perfomed on those objects
3. users
4. groups

a common complex condition may be
an owner can only edit an article but anyone can view an article.
or they may be silly multiple custom checks to be perfomed before action is allowed on an object.


i did go through Zend_Acl but it seems to be simple, jus resource -> group mapping. I was going through PEAR, there is one called LiveUser_Admin but it does not have any good end user documentation.

you guys aware of any reliable authorization library around?

thanks.

Re: Authorization libraries

Posted: Fri Jun 13, 2008 3:23 pm
by Christopher
phpGACL?

Re: Authorization libraries

Posted: Fri Jun 13, 2008 3:28 pm
by Weirdan
arborint wrote:phpGACL?
Have you used it?

Re: Authorization libraries

Posted: Fri Jun 13, 2008 3:34 pm
by Christopher
Yes. It was fairly straightforward to use as I recall. It uses ADOdb which may be a limitation. My project did ... so that simplified things.

Re: Authorization libraries

Posted: Fri Jun 13, 2008 4:27 pm
by alex.barylski
I've looked at both phpGACL and Zend_Acl (as we speak). I have even sat down and considered the best way to solve the problem, but could never convince myself of it's worth while.

I don't get it. Why not just setup a simple table with permission bits for each action (Create User, Remove User, Update User, etc) and store the table in an array/object/etc and check the bits with an IF statement -- which is what you have to do anyways I think.

Seems Zend_Acl wants to restrict access at an object level. I have never required such exacting control, it's more about page requests and actions.

You could easily wrap permission bits up into groups or roles even, so I fail to see the purpose of these libraries.

Anyone care to share their experiences? What am I missing?

Re: Authorization libraries

Posted: Fri Jun 13, 2008 4:31 pm
by VladSun
I use this solution:
viewtopic.php?f=50&t=81792

So, my roles permissions are defined for each controller object/method.